Depending on the severity of the bug discovered, rewards can vary from less than 50,000 air miles up to 1 million. Example of eligible bugs include the ability to brute-force passwords, bypassing authentication, finding bugs on customer-facing sites, and remote code execution.

But United also rules out rewards for testing for other potential flaws, warning that researchers who attempt to will be permanently disqualified from the program and possibly subject to a "criminal and/or legal investigation." These include denial-of-service attacks, compromising accounts that are not your own, "any testing on aircraft or aircraft systems," and threats, attempted coercion, or physical attacks on United employees.

The news of the bounty program is most likely part of an effort by United Airlines to appear more security-friendly. The airline has recently faced a slew of negative publicity in the cybersecurity community after refusing to allow researcher Chris Roberts on one of its planes after he joked on social media he could get make the oxygen masks deploy mid-flight.

Roberts had previously been outspoken about potential vulnerabilities in airlines' on-board software, according to The Guardian. "Given Mr. Roberts' claims regarding manipulating aircraft systems, we've decided it's in the best interest of our customers and crew members that he not be allowed to fly United," a company representative said.